216.73.217.64

CVE-2024-40585

· Published 14/03/2025 16:15 · Modified 14/03/2025 16:15

Labels: CVE-2024-40585 2025-03-14CVE-2024-40585CWE-532[email protected]

Essential information

Published
14/03/2025 16:15
Modified
14/03/2025 16:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
fortinet / fortimanager cpe:2.3:a:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
fortinet / fortianalyzer cpe:2.3:a:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*

References